Driver and event log level

DBF_DGR · June 11, 2025, 4:05pm

Hello all,

In our kernel driver, we need to log some events into the system's events log.
So according to this Microsoft manual page, it is only possible as an error. Unfortunately this is not the case and it leads to some confusion.

So is it possible for a driver to log info/warning events instead of error ?

Thanks in advance,
Best regards,
Eric.

Mark_Roddy · June 11, 2025, 8:46pm

The doc page is and always has been utterly unhelpful for your purposes. Follow the link to Defining Custom Error Types - Windows drivers | Microsoft Learn

And then to the serial driver sample, which illustrates exactly what you are trying to do. Windows-driver-samples/serial/serial/utils.c at main · microsoft/Windows-driver-samples

DBF_DGR · June 12, 2025, 8:50am

Hello Mark,

Thanks for your reply.

I read the SerialLogError(() function in the utils.c file. But it ends with a call to IoWriteErrorLogEntry() which then will log an error event in the system's log.
And I found nowhere any indication of an event level (INFO, WARNING,DEBUG, ...) in the code. Even the entry allocation primitive is named : IoAllocateErrorLogEntry().

So is it possible to log anything other than an error in the system's log ?

Best regards,
Eric.

Mark_Roddy · June 12, 2025, 10:35pm

See Windows-driver-samples/serial/serial/serlog.mc at main · microsoft/Windows-driver-samples

The mc file illustrates how to set the 'severity' - Success Informational Warning Error.

MessageId=0x0001 Facility=Serial Severity=Informational SymbolicName=SERIAL_KERNEL_DEBUGGER_ACTIVE
Language=English
The kernel debugger is already using %2.

As I said, the docs are nearly useless.

DBF_DGR · June 13, 2025, 7:09am

Hello Mark,

Many thanks.
I believed that the Severity field was ignored since the log primitive's name : "Error".

Best regards,
Eric.

Pavel_A1 · June 13, 2025, 8:00pm

Yes, the WDK documentation lacks in some details - but these days your favorite AI is your best friend. Just ask and it will explain with examples.

Tim_Roberts · June 13, 2025, 11:04pm

Remember that the Windows log itself was originally called the "error log". The entries in that log can be at different severities.

DBF_DGR · June 16, 2025, 3:28pm

Hello Tim,

This should be a very very long time from now. I started Windows dev
with NT 3.51 and it was already named "Event Log"
(Windows NT 3.51)

Best regards,
Eric.